[personal profile] abortrephrase
My little RB keeps me connected to a small VPN of random enthusiast types. We do this mostly just for the hell of it, but one feature is access to suitable file shares on our LANs.

I've held off on opening any of that up for the moment as I didn't want to risk having my upstream slagged. But here's how to do a really simple rate limit on data coming from a specific host on my network to destinations on the VPN:


/ip firewall mangle
add action=mark-packet chain=prerouting disabled=no dst-address=10.0.0.0/8 \
    new-packet-mark=files passthrough=no protocol=tcp src-address=10.8.0.10

/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both \
    disabled=no interface=all limit-at=0/0 max-limit=1M/1M name=vpn-files \
    packet-marks=files parent=none priority=8 queue=default/default \
    total-queue=default-small


The host on my end is 10.8.0.10. The VPN more broadly is 10/8. Those two rules are all it takes. 1Mbps is about a third of my upstream, which is enough to let people slowly snarf things without any real noticeable impact on my own use of my net connection.
From:
Anonymous
OpenID
Identity URL: 
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org


 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

Abort, Rephrase, Ignore?

October 2011

S M T W T F S
       1
2 345678
9101112131415
16171819202122
23242526272829
3031     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags